Over the weekend, the Wannacry ransomware attack, which first surfaced for most countries on Friday, became vastly worse. The attack, which is still unfolding, is currently a fight between whitehat hackers, companies like Microsoft and the criminals attempting to run the world’s biggest extortion scheme. And the siege may not be over for months (or even years) as every security flaw on every computer will need to be patched before the ransomware can be contained. Now, Microsoft is putting the blame for this attack directly on the governments who hid security flaws for their own benefit.
Wannacry came about because of a leak of NSA secrets, including a flaw in older Windows systems called Eternalblue. Although Microsoft patched the problem back in March, institutions and individuals that didn’t bother to update their systems are still vulnerable to it. Microsoft’s response, after taking a share of the blame and urging customers to be engaged with and care about cybersecurity, goes on to blast governments for using exploits instead of helping to fix them:
We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.
Or, in other words, nations hoard exploits to use for intelligence, and inevitably, those exploits leak and are used by crooks to cause enormous damage for the sake of cash. Despite the likely Russian origins of this attack, it seems clear that Wanacry was either an independent criminal enterprise or a case of severe backfire, as Russia was among the hardest hit of countries. The group that first revealed the exploit is believed to be associated in some form with the Russian government.
This is a sharp contrast to how tech companies handle these issues. Generally, computer scientists will publicly reveal exploits, usually after informing the company of the issue and giving them time to fix it, so that they can be fixed in other systems, and the whole computer ecosystem can be improved. Intelligence agencies, of course, are unlikely to acknowledge that cybersecurity should be valued over spying anytime soon, though, so really, the next ransomware attack is just a matter of time.
(Via The Verge)